1. Data Controller
eWatt Smart Power Systems Oy, Business ID 3321142-9, Tourulantie 6 A 36, 40100 Jyväskylä, firstname.lastname@example.org
2. Contact Person Responsible for the Register
3. Customer Register
Customer data is processed for invoicing purposes using the Procountor invoicing system. Customer data for order processing and deliveries is stored in the company's online store customer management system. All customer data is accessible in the eWatt customer portal.
4. Legal Basis and Purpose of Personal Data Processing
The legal basis for the processing of personal data in accordance with the EU General Data Protection Regulation is: • Customer consent • Customer relationship (service management, invoicing, communication) • A contract in which the customer is a party (=description and image usage agreement or other agreed matter) • Providing material or information for an official application In addition to the above information, the purpose of processing personal data is communication with customers and possible marketing. Data is not used for automated decision-making or profiling.
5. Content of the Register
The data stored in the register includes: the individual's name, position (for corporate customers only), company/organization (for corporate customers only), contact information (phone number, email address, address), IP address of the internet connection, profiles/accounts on social media services, information about ordered services and any changes to them, billing information, and other information related to customer relationships and ordered services. Depending on the customer relationship, the above information is retained for as long as necessary. Customers can request the deletion of their data. Personal data sent for official applications will be deleted within 5 days unless the data is needed for invoicing. Unless otherwise agreed by the parties, personal data is processed for as long as services are provided as per the service agreement or as required by legislation.
6. Regular Data Sources
The data to be stored in the register is obtained from the customer through online store orders, chat channels, email, phone, social media services, contracts, customer meetings, and other situations where the customer provides their information.
7. Regular Disclosures of Data and Transfers of Data Outside the EU or EEA
Data is not disclosed to other parties unless necessary for the provision of the service to the customer. Data can be disclosed and published to the extent agreed with the customer. Collected personal data can also be disclosed to the extent allowed and required by applicable legislation, such as to government authorities. Data may also be transferred by the data controller outside the EU or EEA if the customer relationship or service delivery requires it.
8. Principles of Register Protection
Care and diligence are followed in the processing of the register, and the data processed through the information systems are protected appropriately. When registry data is stored on Internet servers, their hardware security is appropriately taken care of. The data controller ensures that the stored data and server access rights and other critical data related to the security of personal data are handled confidentially and only by employees whose job description includes it.
9. Right of Inspection and Right to Request Data Correction
Every individual in the register has the right to check the data stored about them in the register and to request the correction of any incorrect information or the supplementation of any incomplete information. If an individual wishes to check the data stored about them or request corrections, the request should be made in writing to the data controller. The data controller may request the requester to prove their identity if necessary. The data controller will respond to the customer in accordance with the time frame specified in the EU General Data Protection Regulation (usually within one month).
10. Other Rights Related to the Processing of Personal Data
Individuals in the register have the right to request the deletion of their personal data from the register ("the right to be forgotten"). Registered individuals also have other rights in accordance with the EU General Data Protection Regulation, such as the right to limit the processing of personal data in certain situations. Requests should be made in writing to the data controller. The data controller may request the requester to prove their identity if necessary. The data controller will respond to the customer in accordance with the time frame specified in the EU General Data Protection Regulation (usually within one month)."